I want to be able to enrich my Splunk search results using data in a MySQL database.
Where the 'hostname' field in my Splunk search results matches the hostname field in my database, I want to insert the IP address from the database.
So far I have set up the database connection within Splunk using DB Connect 1, and have returned the contents of my database using dbquery in the search bar.
But how do I now create the database lookup that inserts the IP address into my search results when the hostname is found?
*(I've read all of the documentation, but it isn't helping me to understand. I'd appreciate it if someone could provide an explanation with an example.)*